The US Cybersecurity and Infrastructure Security Agency (CISA) has published a dozen advisories warning of vulnerabilities in various Industrial Control Systems (ICS). Affected products include Sewio RTLS Studio, 2 RONDS Equipment Predictive Maintenance Solution, InHand Networks InRouter, Panasonic Sanyo CCTV Network Camera, SAUTER Controls Nova 200 – 220 Series (PLC 6), Johnson Controls Metasys, Hitachi Energy Lumada APM, Siemens S7-1500 CPU devices, Siemens Mendix SAML Module, Siemens Automation License Manager, Siemens Solid Edge before V2023 MP1, and Philips Patient Information Center iX (PIC iX) and Efficia CM Series (Update A).
- ICSA-23-012-01 Sewio RTLS Studio
- ICSA-23-012-02 RONDS Equipment Predictive Maintenance Solution
- ICSA-23-012-03 InHand Networks InRouter
- ICSA-23-012-04 Panasonic Sanyo CCTV Network Camera
- ICSA-23-012-05 SAUTER Controls Nova 200 – 220 Series (PLC 6)
- ICSA-23-012-06 Johnson Controls Metasys
- ICSA-23-012-07 Hitachi Energy Lumada APM
- ICSA-23-012-08 Siemens S7-1500 CPU devices
- ICSA-23-012-09 Siemens Mendix SAML Module
- ICSA-23-012-10 Siemens Automation License Manager
- ICSA-23-012-11 Siemens Solid Edge before V2023 MP1
- ICSMA-21-322-02 Philips Patient Information Center iX (PIC iX) and Efficia CM Series (Update A)
Note
- You should be subscribed to these notifications, in addition to your vendor security bulletins. (The subscribe information is at the bottom of the CISA web page below.) Note that the alerts for InHand’s InRouter include CVE-2023-22600, a remote command injection flaw, with a CVSS score of 10.0. I know you’re focusing on proper segmenting and monitoring, don’t forget to ensure updates are also applied.
Read more in
- CISA Releases Twelve Industrial Control Systems Advisories
- ICS Advisory (ICSA-23-012-01): Sewio RTLS Studio
- ICS Advisory (ICSA-23-012-03): InHand Networks InRouter
- ICS Advisory (ICSA-23-012-05): SAUTER Controls Nova 200 – 220 Series (PLC 6)
- ICS Advisory (ICSA-23-012-09): Siemens Mendix SAML Module
- Cross Site Scripting (XSS)
